
package com.ian;

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
import org.springframework.web.multipart.support.MultipartFilter;

import javax.servlet.ServletContext;

/**
 * 总之，该类是为了在上传文件时，CSRF保护功能正常使用。
 * 但是，实测去掉该类后，也能正常上传文件。
 * In order to read the CSRF token from the body, the MultipartFilter is specified before the Spring Security filter.
 * Specifying the MultipartFilter before the Spring Security filter means that there is no authorization for
 * invoking the MultipartFilter which means anyone can place temporary files on your server.
 * However, only authorized users will be able to submit a File that is processed by your application.
 * In general, this is the recommended approach because the temporary file upload should have a negligible impact on most servers.
 */
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {

	/**
	 * To ensure MultipartFilter is specified before the Spring Security filter
	 * @param servletContext
	 */
	@Override
	protected void beforeSpringSecurityFilterChain(ServletContext servletContext) {
		insertFilters(servletContext, new MultipartFilter());
	}
}
